17 matches found
EUVD-2026-29369
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...
CVE-2026-0502
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...
CVE-2013-7355
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema...
EUVD-2025-30426
Malicious code in bioql PyPI...
CVE-2025-42907
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...
CVE-2025-42907
CVE-2025-42907 concerns SAP BI Platform. Multiple connected sources confirm a vulnerability where an attacker can modify the IP address in the LogonToken attached to OpenDoc, and when the modified link is opened in a browser, a different server could receive a ping request. The impact is describe...
CVE-2025-42907 Server-Side Request Forgery in SAP BI Platform
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...
PT-2025-39106
Name of the Vulnerable Software and Affected Versions: SAP BI Platform (affected versions not specified). Description: An attacker can modify the IP address within the LogonToken associated with OpenDoc. Accessing the modified link in a web browser may redirect a ping request to a different server. Th...
Malicious code in sap-bi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9378dbebfab5e0fed6e32b005b87a41f44711b48bdec5bff5c8afe2b6b4d1b75 The OpenSSF Package Analysis project identified 'sap-bi' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicate...
MAL-2024-7616 Malicious code in sap-bi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9378dbebfab5e0fed6e32b005b87a41f44711b48bdec5bff5c8afe2b6b4d1b75 The OpenSSF Package Analysis project identified 'sap-bi' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicate...
CVE-2021-33679
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence...
SAP BusinessObjects Business Intelligence Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and deploy...
CVE-2018-2370
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server...
Authentication flaw
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity...
CVE-2017-16681
CVE-2017-16681 affects SAP Business Intelligence Promotion Management Application Enterprise (versions 4.10, 4.20, 4.30). The issue is a Cross-Site Scripting (XSS) vulnerability where user-controlled inputs are not sufficiently encoded, enabling arbitrary code execution in a victim’s browser. Con...
Unspecified Denial of Service Vulnerability in SAP BI Launch Pad
An unspecified denial of service vulnerability exists in SAP BI Launch Pad. The vulnerability could be exploited by an attacker to launch a denial of service attack...
CVE-2013-7355
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema...